Design and Stability Practices of the Beike Storage Gateway

The Beike storage service provides S3‑compatible object storage for files, images, and media, allowing business users to upload and download objects organized in buckets, with near‑infinite scalability and four‑nine (99.99%) availability.

Because the storage gateway is a critical upstream service, its stability is paramount. The gateway validates signatures, performs authentication, checks file size and black‑/white‑lists, then forwards data to backend cloud object stores such as AWS S3, Tencent COS, or Alibaba OSS.

Entrance construction includes per‑bucket and global rate limiting using the open‑source Sentinel component, as well as bandwidth limiting similar to Nginx's limit_rate . The flow first checks bucket‑level limits, then global limits before allowing traffic.

Example Go interfaces for I/O:

type Reader interface {
    Read(p []byte) (n int, err error)
}

type Writer interface {
    Write(p []byte) (n int, err error)
}

A custom reader that enforces bandwidth quotas:

type UploadBandWidtLimitReadCloser struct {
    Bucket      string
    Payload    io.ReadCloser
    qpsLimiter *limit.Limiter
}

func (this *UploadBandWidtLimitReadCloser) Read(p []byte) (n int, err error) {
    // bucket quota check...
    // global quota check...
    // if exceeded, wait via Sentinel's throttling (max 2 min)
    return this.Payload.Read(p)
}

Dependency degradation is handled via a configurable switch that can bypass OpenIAM signature verification when needed:

openiamDegradeSwitch = false
openiamDegradeConfig = {"__default__": "allow_all"}

Granular degradation strategies include separate policies for intranet vs. internet, and bucket‑level allowlists.

Multi‑cloud switching leverages the S3 standard to integrate multiple providers (Alibaba, Tencent, ChubaoFS) or self‑hosted object stores. Implementations need only satisfy a common StoreRepository interface:

type StoreRepository interface {
    Initiate(ctx context.Context, config *StoreConfig) (context.Context, error)
    // Bucket methods...
    // Object methods...
    CopyObject(ctx context.Context, input *s3.CopyObjectInput) (*s3.CopyObjectOutput, error)
    DeleteObject(ctx context.Context, input *s3.DeleteObjectInput) (*s3.DeleteObjectOutput, error)
    GetObject(ctx context.Context, input *s3.GetObjectInput) (*s3.GetObjectOutput, error)
    HeadObject(ctx context.Context, input *s3.HeadObjectInput) (*s3.HeadObjectOutput, error)
    ListObjects(ctx context.Context, input *s3.ListObjectsInput) (*s3.ListObjectsOutput, error)
    ListObjectsV2(ctx context.Context, input *s3.ListObjectsV2Input) (*s3.ListObjectsV2Output, error)
    PutObject(ctx context.Context, input *s3.PutObjectInput) (*s3.PutObjectOutput, error)
    // multipart upload methods…
}

Configuration in Apollo allows per‑bucket backend selection and data synchronization for disaster‑recovery, enabling automatic read/write failover between cloud platforms.

Monitoring and alerting cover QPS, bandwidth usage, rate‑limit triggers (bucket, time, business), IAM errors, cloud provider errors, connection‑pool metrics, and response‑time anomalies. These alerts enable proactive issue detection and remediation.

The overall architecture consists of an entry rate‑limit module, a signature/authentication layer (with degradable fallback), a protocol conversion module that maps S3 calls to the chosen backend, and a message‑driven pipeline for multi‑cloud sync and media processing.

Future plans include a self‑service portal for bucket management, edge‑node upload acceleration, cost‑optimization via lifecycle policies and FAAS‑based media processing, and expanded multimedia capabilities such as cropping, watermarking, transcoding, and preview generation.

In summary, the Beike storage gateway combines S3 compatibility, fine‑grained traffic control, robust degradation, multi‑cloud flexibility, and comprehensive observability to deliver a highly available, scalable storage solution for billions of objects.